From the perspective of the software vendor, it may be a semi-regular occurrence that they learn that users are being actively harmed by a software vulnerability exploited in-the-wild. So that's an argument that developers have a moral obligation to maintain the ability to push updates their users without delay.

Waiting for the user to click "Check for updates..." is effectively pushing this responsibility onto the users, the vast majority of whom lack the information and expertise needed to make an informed choice about the risk.